File _patchinfo of Package patchinfo.23099

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.23099

<patchinfo incident="23099">
  <issue tracker="cve" id="2018-1100"/>
  <issue tracker="cve" id="2021-45444"/>
  <issue tracker="cve" id="2019-20044"/>
  <issue tracker="bnc" id="1089030">VUL-0: CVE-2018-1100: zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution</issue>
  <issue tracker="bnc" id="1196435">VUL-0: CVE-2021-45444: zsh: Prompt expansion vulnerability</issue>
  <issue tracker="bnc" id="1163882">VUL-0: CVE-2019-20044: zsh: insecure dropping of privileges when unsetting PRIVILEGED option</issue>
  <packager>pperego</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for zsh</summary>
  <description>This update for zsh fixes the following issues:

- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be 
  executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be
  properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-1100: Fixed a potential code execution via a stack-based buffer
  overflow in utils.c:checkmailpath() (bsc#1089030).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.23099

Places